Monday, July 28, 2008

Monday News Feed 7/28/08

It's good to be back from vacation, and onto the news...





AOL Sued for the Names of Bloggers Critical of Memphis Police Leadership
The city of Memphis, Tennessee sued AOL for the names of people contributing to the web blog MPD Enforcer 2.0. The blog is critical of law enforcement leadership and is very popular with Memphis police. The blog is credited with raising public discussion about the use of law enforcement resources.
Police director sues to find identity of blogger critical of MPD, Commercial Appeal, July 22, 2008
Posted by EPIC on July 22, 2008.Permanent link to this item. --> -->






GMail Flaw Exposes Personal Information
Gmail privacy flaw reveals user name provided when the e-mail account was established. When Gmail users share Google Calendar items with each other the first and last name registered by the sender can be viewed by the recipient. This flaw can effect the privacy of Gmail users who use e-mail pseudonyms instead of their actual name.
Gmail Privacy Hole Shows User Names, Information Week, July 16, 2008
Posted by EPIC on July 17, 2008.Permanent link to this item.






Several articles about the recent DNS Cache Poisining attacks:
http://isc.sans.org/diary.html?date=2008-07-25
New DNS exploit now in the wild and having a blast





Write-Once Read-Many Memory Cards
SanDisk has introduced Write-Once Read-Many Memory (WORM) cards for forensic applications.






Anti-Terrorism Stupidity at Yankee Stadium
They're confiscating sunscreen at Yankee Stadium:






RealNetworks RealPlayer Multiple Vulnerabilities - Highly critical - From remote
Issued 3 days ago. Updated 7 hours ago.
Some vulnerabilities have been reported in RealPlayer, which potentially can be exploited by malicious people to disclose certain information or compromise a user's system.






Man Gets 4 Years for ID Theft, Software Piracy
A 23-year-old Oregon man was sentenced this week to four years in federal prison for using computer viruses to steal financial data from dozens of consumers. Investigators say the man used the information to set up multiple eBay and PayPal accounts, which helped him sell more than $1 million worth of pirated software.

Jeremiah Joseph Mondello, of Eugene, Ore., admitted distributing keystroke logging programs via online instant message networks. Investigators say he then used bank account credentials stolen from victims to set up more than 40 online auction accounts in the victims' names.

The judgment is almost unheard of for a non-violent crime committed by an individual with no criminal history: Mondello will serve 48 months in jail, followed by three years of supervised release and 450 hours of community service. Federal investigators also seized computers and $220,000 in cash from Mondello.

The government also is entitled to seize his three-bedroom, 1,130 square foot house and surrounding land -- currently valued at $225,000.
http://blog.washingtonpost.com/securityfix/2008/07/man_gets_4_years_for_id_theft_1.html#more





Report: Small biz weak in cybersecurityNews Brief, 2008-07-25
Most small- and medium-sized companies believe that they operate under cybercriminals' radar, but a study finds that one-in-five firms have been attacked.





E-Gold pleads guilty to money laundering Robert Lemos, 2008-07-23
In a plea agreement with the U.S. government, the company's founders agree to charges of operating an unlicensed money transfer business, but the business aims to continue.





Metasploit releases double-whammy for DNSNews Brief, 2008-07-24
HD Moore and another researcher release two exploits for the high-profile domain-name system flaw under the Metasploit framework.





UPS Spammers Switch to the US Customs






UPS, E-Tickets and MoreJuly 28, 2008The Pushdo botnet has added three more spam themes to distribute malware along with its UPS theme.






Rustock malicious spam updateJuly 24, 2008Malicious spam from the Rustock botnet continues in large numbers.






SF Reveals Usernames And Password To City Network In Accidental Effort To Prove Terry Childs' Case For Him






What Is Undetectable Malware?
OMG, undetectable Trojans are coming to get us! At least that’s what a story in The Register says, referring to Limbo 2.
...







Get Ready For Google Gadget MalwareTechWeb - Fri Jul 25, 3:00 PM ET
InformationWeek - At Black Hat, RSnake is expected to demonstrate a zero-day vulnerability that allows for information theft, spoofing, and authentication issues.






Chinese hackers steal 9 million items of personal information from South Koreans





Google Adwords Advertisers Targeted By Phishing Cyber Criminals From China By Grey McKenzie 07/25/2008





There's still HOPE for hackers by Noah Schiffman
The seventh and last HOPE (Hackers on Planet Earth) conference took place last weekend, bringing the 14 year old biennial...





City Missed Steps to Avoid Network Lockout IT executives and analysts list some steps that San Francisco officials could have taken to prevent a disgruntled employee from locking IT administrators out of the citys fiber backbone network. Read more...




San Francisco DA discloses city's network passwords





Credit card firms investigate fraud at Canadian airport kiosks

No comments: